Built‑in Merge Protections

Protections available out of the box: Depends-On, Merge-After, Configuration Changed.

These protections are automatically interpreted — no configuration required.

Depends-On

Section titled Depends-On

Block merging until specified pull requests are merged.

Declare dependencies in the PR body:

Depends-On: #123
Depends-On: https://github.com/org/repo/pull/123
Depends-On: org/repo#123
Using Depends-On in the pull request body on GitHub

Rules:

  • All referenced PRs must be in repositories with Mergify enabled
  • They must belong to the same organization
  • Cycles are ignored (a PR depending on itself or circular chains)

Use cases:

  • Feature split across multiple repos
  • Schema then implementation
  • Chained refactors

Merge-After

Section titled Merge-After

Delay merging until a future time using a header in the PR description:

Merge-After: 2025-09-01T09:00:00Z

Supports the standard timestamp format. Useful for coordinated releases or off-peak deploy windows.

Using Merge-After in the pull request body on GitHub